Okay, I'd like some experienced testing on my site.

It's just an upload/management script for online file storage.

http://file-city.co.uk
Username: testone
Password: test

There is also a separate photo storage system where you can upload photos and make them public or private.
If they're public then they appear in a public gallery at http://file-city.co.uk/username.
If they're private, then only you can send the links to them out.

I plan on implementing Zipfile unzipping, and maybe multiple photo uploads.

Cheers!

[quote author=Nameless12 link=topic=123904.msg512983#msg512983 date=1169705705]
There is a bug: when you log in and click logout, it says "you have been successfully logged out", but in the top right-hand corner it says you are logged in until you refresh the page.
[/quote]

Oh yeah...! Fixed.

  • 2 weeks later...
OK, I messaged you and I also have some small errors I would like to point out that aren't security threats.

If you go to http://file-city.co.uk/delete.php?zfile=' it creates a MySQL error, but somehow I don't think it's vulnerable to SQL injection... I'm guessing it's a SELECT clause based on the error made, and I think it's just using the number of rows from it, so someone could not have it output passwords or anything.

Also with the JavaScript method that goes to that page... I wouldn't say anything, but the rest of your site seems pretty JS independent... Anyways the link is like <a href="javascript: function();">Text</a> which means that if someone without JS enabled clicks it, it will do nothing. I suggest you change it to <a href="delete.php?zfile=code it to put out the file name with PHP" onclick="function();"> . That way if they have JS it behaves the same way, but if they don't it just skips the confirm thing and goes straight to the delete page (maybe have the JS version add &del=1 on the end. Then you could have a small little form on the page that has a confirm delete button that is sent via get and just adds &del=1 to the end. Then in the script you could do if($_GET['del'] == 1) { delete stuff } else { output the form and what not }.)

Hmmm one last thing... If you upload 2 files and they're both named the same thing, the second file overwrites the first, but in the DB two separate entries exist... You should either add a MySQL query to make sure the file doesn't exist in the DB already, or you should check for duplicate file names and tell users to delete the file first. You could even let the user upload it then save it as a temporary file for a moment. Then you could allow them the choice of picking a name (don't forget to revalidate the name or you might get a file named --;.jpg), or you could allow them to delete the first file. That way there's not 2 entries in the database pointing to the same file.
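The duplicate-upload handling suggested in the post above, as an added PHP example that is not part of the thread or the site's own code: it revalidates the file name and lets a UNIQUE constraint reject a second file with the same name, so the database never holds two entries for one file. The `files` table, the allowlist pattern and the `userId-name` storage layout are assumptions; an in-memory SQLite database and temp files stand in for the real site.

```php
<?php
// Added example. Table/column names, allowlist and storage layout are assumptions.
function validate_name(string $name): ?string
{
    $name = basename($name); // drop any client-supplied directory part
    // Allowlist: starts alphanumeric, exactly one short extension.
    $ok = preg_match('/^[A-Za-z0-9][A-Za-z0-9 _-]{0,99}\.[A-Za-z0-9]{1,8}$/', $name);
    return $ok === 1 ? $name : null;
}

function store_upload(PDO $db, int $userId, string $tmp, string $clientName, string $dir): string
{
    $name = validate_name($clientName);
    if ($name === null) {
        return 'invalid-name';
    }
    $db->beginTransaction();
    try {
        // Bound parameters keep quotes in the name out of the SQL text;
        // UNIQUE(user_id, name) rejects the duplicate without a check-then-insert race.
        $db->prepare('INSERT INTO files (user_id, name) VALUES (?, ?)')
           ->execute([$userId, $name]);
    } catch (PDOException $e) {
        $db->rollBack();
        if ((string) $e->getCode() !== '23000') {
            throw $e; // not a constraint violation
        }
        return 'duplicate'; // caller offers: pick another name or delete the old file
    }
    // A real upload handler would call move_uploaded_file(); rename() runs from the CLI.
    if (!rename($tmp, "{$dir}/{$userId}-{$name}")) {
        $db->rollBack(); // no row without a file
        return 'io-error';
    }
    $db->commit();
    return 'stored';
}
// Constructed demo: in-memory SQLite and temp files stand in for the site.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE files (user_id INTEGER, name TEXT, UNIQUE (user_id, name))');
$dir = sys_get_temp_dir();
foreach (['photo.jpg', 'photo.jpg', '--;.jpg', "x'.jpg"] as $n) {
    $tmp = tempnam($dir, 'up');
    echo str_pad($n, 12), store_upload($db, 1, $tmp, $n, $dir), "\n";
    @unlink($tmp);
}
@unlink("{$dir}/1-photo.jpg");
```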

  • 1 month later...
Cross Site Scripting:
http://www.file-city.co.uk/phpinfo.php?<script>alert('vulnerable')</script>

Full Path Disclosure:
http://www.file-city.co.uk/phpinfo.php
